PROTECTED STORAGE DEVICE FOR COMPUTER SYSTEM



The present invention relates to a method and apparatus for controlling access to and corruption of information in a computer system.

US 5,657,473 discloses a method and apparatus particularly concerned with the detection and containment of hostile programs such as "virus" programs within computer systems,

said method including dividing the information stored on the storage medium into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each of the partitions being further divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use,

said invention employing a supervising means (a Supervisor) separate of the central processing unit (CPU) allowing/restricting/prohibiting read/write operations upon the storage medium depending on whether information to be read from a sector or written to a sector is in the boot partition, or in a general partition, and whether the partition is active or inactive, and

said supervising means also allowing a format operation only on a partition which is active and prohibiting a format operation on the boot partition, or on a general partition if it is inactive.

The described invention preferably uses a second processor which is made inaccessible to the user and to the virus, supervising all data transfers between and within sub-divisions of the device or devices placed under its control.

The Patent Application describes, as an example, an embodiment 
comprising a printed circuit board assembly containing a 
dedicated micro-controller, used in place of the hard disk 
controller within the computer system. 


EP 0 800 135 A1 discloses a method and apparatus for controlling access to and modification of information stored on a storage medium forming part of a computer system, said invention including by reference all aspects of the aforesaid invention of US 5,657,473,

said invention designating at least one partition a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite any resident information stored in a/the WMR partition by updated information, the updated information is written on the storage medium in a location other than where any resident information is stored and a (virtual) pointer to the updated information is stored in a Sector Relocation Table (SRT) so that the updated information can be accessed, as required during the remainder of a (user) session. An alternative method is also described wherein, if a write command is issued to overwrite any resident information stored in a/the WMR partition, prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required. This could be implemented, for example, by a system reset.

The application describes, as an example, an embodiment comprising a printed circuit board assembly (PCBA) containing a dedicated micro-controller placed in-line between the computer system hard disk drive controller (often embedded within the computer system motherboard) and the hard disk drive.


The method and apparatus in the aforementioned inventions propose the use of a second processor separate from the computer system central processing unit (CPU). Although the aforesaid inventions do not specifically limit their scope to combined hardware and firmware embodiments, both describe in detail embodiments which include a separate printed circuit board assembly, placed between the CPU and the storage medium. Such hardware embodiments have the following disadvantages:

Such hardware embodiments have an associated cost per unit, which results in a base cost for the invention which must be met irrespective of sales volume;

Such hardware embodiments must be installed within the computer system, generally requiring the computer system case to be removed;

Such hardware embodiments require safety and emission approvals and require a high level of testing to ensure compatibility across the wide spectrum of existing computer systems;

Such hardware embodiments are subject to a level of component failures.

It is the subject of the present invention to avoid or minimise one or more of the aforesaid disadvantages. This document discloses a method (and related apparatus) for incorporating the methods outlined in both US 5,657,473 and EP 0 800 135 A1 into the storage device itself.

Storage devices are frequently intelligent, containing their own processor module, this being a potential candidate to undertake the functions of a Supervisor as described within the aforesaid inventions. This intelligent module controls the transfer of information to and from the storage medium via the interface to the computer system. According to the present invention as defined herebelow, this intelligent module is used to allow/restrict/prohibit read/write operations upon the storage medium in a manner consistent with the aforesaid inventions.

According to a first aspect of the invention we provide a storage device for a host computer system, the storage device comprising: storage means for storing information; intelligent means for controlling the transfer of information to and from the storage means; and interfacing means for interfacing the storage device with the host computer system and via which information is transferred to and from the storage means under the control of said intelligent means,

the storage means comprising: a storage medium divided into a plurality of non-overlapping partitions; non-volatile read-only-memory (ROM) means for storing firmware for controlling operation of the storage device; and volatile random-access-memory (RAM) means;

wherein supervising means is incorporated in said storage means for operating said intelligent means so as to protect information stored in the storage medium.




The term "information" as used herein is intended to cover information, data and/or program code, any or all of which may be stored in the storage means.

The supervising means ("Supervisor") preferably protects the said information by controlling access to and modification thereof in accordance with pre-programmed protection criteria.

Incorporating the Supervisor within the storage device has the following advantages:

where an intelligent means is already present on the storage device, the methods outlined in the aforesaid inventions may be implemented with no hardware changes to the storage device;

physical installation of a separate PCBA containing the Supervisor is no longer required: Supervisor firmware may be included within the storage device during manufacture or may be added by means of a software utility;

since a separate PCBA is no longer required, manufacturing costs are significantly reduced by removing the requirement for additional hardware components and no additional safety or emission testing is required over and above that required for the storage device without Supervisor firmware;

by removing the requirement for additional circuitry external to the storage device, there is a reduction in the compatibility issues that may arise from the diversity of computer systems and storage device combinations which are possible.

The storage device may be a hard disk drive. The storage medium may comprise one or more disk platters. The supervising means is preferably provided as firmware which is stored in said non-volatile ROM on the storage device. The intelligent means preferably comprises a processor, often referred to as a micro-controller, which runs the Supervisor firmware stored in the ROM means. Hard disk drives are now available which incorporate a printed circuit board assembly (PCBA) including a micro-controller for running programs stored in memory means provided on the PCBA. In such drives, this processor means may conveniently function as the micro-controller for use in the present invention. The Supervisor firmware can be stored in non-volatile ROM provided on the PCBA.



Said non-overlapping partitions into which the storage medium is divided preferably include a boot partition and at least one general partition, each said partition being divided into a plurality of sectors. The storage medium may have a plurality of general partitions defined thereon, any designated subset of which are active at any given time, in use of the computer system.

Preferably, the supervising means operates said intelligent means so as to allow/restrict/prohibit read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition and, if the partition is a general partition, whether the partition is active or inactive. The supervising means may also allow a format operation only on a general partition which is active and prohibit a format operation on the boot partition or on a general partition which is inactive.

It will be appreciated that the supervising means preferably also ensures that firmware stored on the ROM means of the storage device, which includes the firmware providing the supervisor means, is also protected in that a user, or a user program operating in the host computer system, does not have access to the ROM means (or the RAM means) of the storage device itself and any firmware or other code stored therein is thus unalterable by the user or user program.



Optionally, the supervising means may cause a warning to be issued to the user should an attempt be made to perform a prohibited read, write or format operation.

At least one of said partitions of the storage device may comprise a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite (i.e. update) any information stored in the WMR partition the updated information is stored elsewhere on the storage medium, preferably in a dedicated area of the storage medium, and a (virtual) pointer to the updated information kept so the updated information can be accessed as required during the remainder of the session, wherein a system reset causes the list of pointers to the updated information, and optionally the updated information itself, to be cleared.

Where such a WMR partition is provided, the or each said WMR partition preferably has a Sector Relocation Table (SRT) associated therewith which is held in said volatile RAM means of the storage device, each entry in a said SRT is a (virtual) pointer which defines the address of a range of sectors in the WMR partition that have been updated and an address where the updated information is located, this location being within a dedicated area on the storage medium which is accessed only by the supervisor means.

Alternatively, at least one of said partitions of the storage device comprises a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite (i.e. update) any information stored in a/the WMR partition, prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required. This could be implemented, for example, by a system reset.

Where the storage medium comprises at least one disk platter and a boot partition, said boot partition will include a disk boot sector. According to the present invention, the storage device may be provided with loader means and said supervising means may be adapted to intercept any request for the disk boot sector, issued by the host computer system in use thereof, and supply said loader means to satisfy the request. The loader means is preferably configured to load or transfer a predetermined code segment, which is stored on the storage means, to a central processing unit (CPU) of the host computer system to be executed by the computer system prior to (normal) operating system boot. This code segment may provide user prompts, and communication with the supervising means. The loader means is preferably provided in said non-volatile ROM of the storage device. Alternatively, said loader means may be provided in a reserved area on the storage medium, for example in one or more reserved tracks of a said disk platter of the storage device. This reserved area is preferably inaccessible to a user or user program (but is accessible to the Supervising means) whereby unauthorised alteration of the loader means is prevented.

The code segment may be provided in said non-volatile ROM means of the storage device or, preferably, in a reserved area of the storage medium which is also preferably inaccessible to a user or user program, but is accessible to the Supervising means, whereby unauthorised alteration of the code segment is prevented.

Optionally, the storage device may be placed in either "supervised" mode, in which the supervising means is active, or "unsupervised" mode in which the supervising means is not active. Said code segment, when executed, preferably provides user prompts which allow a user to select either "supervised" mode, or by entry of a password select "unsupervised" mode.

The code segment is preferably constructed such that, subsequent to mode selection by the user, the code segment transfers and executes a boot program from the disk boot sector of the storage medium which, in turn, initiates operating system boot (in the host computer system). The correct password (for comparison against a password input by a user) may be stored in said non-volatile ROM of the storage device or on the storage medium itself.

According to a second aspect of the invention we provide a 
computer system incorporating a storage device according to 
the above-described first aspect of the invention. 

According to a third aspect of the invention we provide a method of controlling access to and modification of information stored on a storage medium of a storage device for incorporation in a host computer system wherein the storage device comprises storage means for storing information, intelligent means for controlling the transfer of information to and from the storage means, and interfacing means for interfacing the storage device with the host computer system and via which information may be transferred to and from the storage means under the control of said intelligent means, and the storage means comprises: a storage medium; non-volatile read-only-memory (ROM) means for storing firmware for controlling operation of the storage device; and volatile random-access-memory (RAM) means;
the method comprising the steps of:

dividing the storage medium into a plurality of non-overlapping partitions including a boot partition and at least one general partition, and dividing each said partition into a plurality of sectors;

providing supervising means in said storage means for operating said intelligent means so as to protect information stored in the storage medium; and

incorporating the storage device in a host computer system, and running the host computer system with the supervising means operating said intelligent means so as to protect information stored in the storage medium.

Preferably said supervising means is provided for allowing/restricting/prohibiting read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition and, if the partition is a general partition, whether the partition is active or inactive,

said supervising means optionally also allowing a format operation only on a general partition which is active and prohibiting a format operation on the boot partition or on a general partition which is inactive,

said supervising means being adapted to intercept each interface request from the host computer system to said storage device,

and the supervising means, preferably, causing a warning to be issued to the user should an attempt be made to perform a prohibited read, write or format operation, which operation is prevented by the supervising means;

providing a loader means, said supervising means being adapted to supply said loader means in response to any request, issued by the host computer system, for the disk boot sector of the boot partition; and executing the loader means by the central processing unit (CPU) of the computer system in place of the requested disk boot sector, the loader sector transferring a code segment stored in the storage device, preferably in the storage medium thereof, into a RAM of the CPU for execution thereon, the code segment, when executed, initiating a user interface procedure, preferably in the form of user prompts, whereby a user may select one or more protection options; and whereupon, subsequent to a said selection having been made by the user, said code segment transfers the disk boot program stored in the disk boot sector as originally requested and, in turn, executes the disk boot program which then initiates operating system boot (in the host computer system).

Said selection of protection options preferably includes the option, by entering a predetermined password, of setting the storage device in "unsupervised mode" whereby interface requests are not intercepted by the supervising means. The selection may also include the option of setting the storage device in "supervised" mode and further selecting one or more active partitions and/or of designating at least one of said partitions a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite any resident information stored in a/the WMR partition by updated information, the updated information is written on the storage medium in a location other than where any resident information is stored and a (virtual) pointer to the updated information is set up/kept so that the updated information can be accessed, as required during the remainder of a session.

The method may further include storing a Sector Relocation Table (SRT) which contains the (virtual) pointers associated with each said WMR partition in the volatile RAM means of the storage device.

Alternatively, the method may include the option of designating at least one of said partitions a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite (i.e. update) any information stored in a/the WMR partition, prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required. This could be implemented, for example, by a system reset.

Preferred embodiments of the invention will now be described by way of example only, and with reference to the accompanying drawings in which:-

Fig. 1 is a schematic diagram of a hard disk drive according to one embodiment of the invention;

Fig. 2 is a flow chart illustrating a modified operating boot sequence implemented in the hard disk drive of Fig. 1.

Fig. 1 shows a storage device in the form of a hard disk drive 1 for incorporating in a host computer system (not shown). The drive is of conventional form having one or more disk platters 2 mounted on a spindle motor drive mechanism on a printed circuit board assembly (PCBA) 3 having a ROM chip 4 containing firmware for controlling operation of the drive, and a RAM chip 5. The drive has an interface connector 6 which enables interfacing of the disk drive 1 to the host computer system, via which interface connector information, including user information, operating system information, data and other programs, is transferred to and from the disk platter(s) 2. The PCBA 3 has a micro-controller 7 provided thereon which runs the firmware contained in the ROM chip 4, accesses the RAM chip 5 and controls the transfer of information, data and/or programs to and from the disk platter(s) via the interface.

The firmware in the ROM includes "Supervisor" firmware for intercepting and validating each request to the hard disk (from the host computer system) in a manner previously described in US 5,657,473, the contents of which are therefore incorporated herein by reference. The operation of the disk drive beneficially also includes a method of controlling access to and modification of information stored on the disk platter(s) of the drive utilising a Write Many Recoverable (WMR) partition (or partitions) as previously disclosed in EP 0 800 135 A1, the content of which is also therefore incorporated herein by reference.




Thus, the supervising means (Supervisor) forms part of the hard drive itself, separate of a central processing unit (CPU) of the host computer system and inaccessible to the user, the supervising means controlling access to information stored on the disk platter(s).

According to the described embodiment, the disk drive operation provides a method giving the user the capability of selecting either an "unsupervised" or "unprotected" mode through entry of a password, or selecting a "supervised" or "protected" mode with further selection of one or more active partitions. To do this, a loader means in the form of a virtual "loader sector" is provided in the form of executable code stored in the non-volatile ROM chip 4, the loader sector acting as a replacement for the disk boot sector of the active partition on the storage device, whereby each request (by the host computer system) for said disk boot sector is intercepted by the Supervisor and said loader sector is supplied to satisfy the request, the loader sector being executed by the CPU of the computer system in place of the requested disk boot sector, said loader sector transferring a code segment (stored on a reserved track therefor on the disk platter(s) and referred to in further detail below) into RAM of the CPU of the host computer system for execution thereby; said code segment when executed, providing all required user prompts and communication with the Supervisor required for entry into either "protected" or "unprotected" mode, such that, subsequent to mode selection, said code segment executes the original disk boot sector program which then initiates the process of operating system boot. This modified operating system boot operation will now be explained in further detail with reference to Fig. 2 of the drawings which is a flow chart illustrating this operating system boot sequence.

In the normal operation of a computer system, upon switch on of the system (or a request to re-boot the system) the host system central processing unit (CPU) requests the disk boot sector from the boot partition of a disk platter of the hard drive. In the present invention, the Supervisor intercepts any request for the disk boot sector. Upon interception of the disk boot sector request, the Supervisor returns the loader means (namely the virtual "loader sector") stored in the ROM chip 4 in place of the disk boot sector. The host system will be unaware of this change having been made and will execute the loader sector which, in turn, transfers a code segment, stored in the storage device, to a RAM in the host computer system. This code segment is stored in a track 8 on the disk platter (or one of the disk platters) which is reserved therefor. This track is accessible only to the Supervisor means, being a track which is outside the area of the disk platter accessible to the host operating system.



The code segment contains code, to be executed by the host system, which issues user prompts and which communicates with the Supervisor, in order to enable the user to set the system in the "protected" mode or "unprotected" mode, as will be described herebelow.

Once the code segment has been transferred to the RAM of the host computer system it is executed thereby so as to, firstly, establish communication with the Supervisor, and then provide a user display screen (known as the HARDWALL banner - HARDWALL is a registered trade mark of Vircon Limited) which prompts the user to select a desired protection mode, namely either "protected" or "unprotected". If the user selects the "protected" mode the code segment then requests a list of dormant partitions from the Supervisor and displays them on the screen of the computer system and prompts the user to select one or more partitions from the list. Once the user has selected one or more partitions the code segment informs the Supervisor of this choice. Prior to selecting a partition or partitions, which then become active, the system will previously have been configured in terms of partitions and a level of protection associated with them. These may be established by means of a software utility. In general, there are three types of partition, namely general partitions, read-only partitions and WMR partitions. Typically, a read-only partition and a WMR partition are always available. At the start of a session, when a general partition (or partitions) is selected and made active it is granted full read/write access. The remaining general partitions then become dormant whereby the Supervisor prevents their contents being accessed and hence protects them during that particular user session (which lasts until switch-off or re-boot of the computer system). Read-only partitions are granted read access only, all write commands being prohibited by the Supervisor. The function and features of the Supervisor are disclosed and described in detail in US 5,657,473 (incorporated herein by reference) and will therefore not be repeated here.
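The Supervisor's request filtering described above and in the earlier statements of the invention (active and dormant general partitions, read-only partitions, the format rule, the loader sector substituted for the disk boot sector, the warning on a prohibited operation, and the password-gated "unsupervised" mode) as an added simulation. This is example code, not the patent's or Vircon's firmware: the partition layout, LBAs, loader payload, stored password, the retry limit of three and the pass-through treatment of ordinary boot-partition reads and writes are assumptions.

```python
"""Simulation of the drive-resident Supervisor's request filter.
Added example (not code from the patent or from Vircon): partition layout,
LBAs, loader payload, stored password and retry limit are constructed."""
import hmac
from dataclasses import dataclass, field

SECTOR = 512


@dataclass
class Partition:
    name: str
    kind: str             # "boot", "general" or "read-only"
    first: int            # first LBA, inclusive
    last: int             # last LBA, inclusive
    active: bool = False  # chosen at session start; general partitions only


@dataclass
class Supervisor:
    partitions: list
    boot_lba: int                 # sector the host requests to boot
    loader_sector: bytes          # virtual "loader sector" held in ROM
    rom_password: bytes           # correct password held in ROM
    supervised: bool = True       # False == "unsupervised"/"unprotected"
    retries_left: int = 3         # "limited number of retries": 3 assumed
    warnings: list = field(default_factory=list)

    def locate(self, lba):
        return next((p for p in self.partitions
                     if p.first <= lba <= p.last), None)

    def unlock(self, attempt):
        # Password check for "unsupervised" mode; constant-time compare is
        # this example's choice, not something the page specifies.
        if self.retries_left <= 0:
            return False
        self.retries_left -= 1
        if hmac.compare_digest(attempt, self.rom_password):
            self.supervised = False
            return True
        return False

    def permitted(self, op, lba):
        # Permission Table decision for op in {"read", "write", "format"}.
        p = self.locate(lba)
        if p is None:
            return False              # reserved tracks: host never sees them
        if op == "format":            # only an active general partition
            return p.kind == "general" and p.active
        if p.kind == "read-only":
            return op == "read"
        if p.kind == "general":
            return p.active           # dormant: no access at all
        return True                   # boot read/write: assumption, see lead-in

    def handle(self, op, lba, disk, data=None):
        # Intercept one interface request; returns (status, payload).
        if self.supervised:
            if op == "read" and lba == self.boot_lba:
                return "ok", self.loader_sector   # host boots the loader instead
            if not self.permitted(op, lba):
                p = self.locate(lba)
                self.warnings.append(f"prohibited {op} of LBA {lba} in "
                                     f"{p.name if p else 'reserved area'}")
                return "denied", None
        if op == "read":
            return "ok", disk.get(lba, bytes(SECTOR))
        if op == "write":
            disk[lba] = data
            return "ok", None
        p = self.locate(lba)          # format: wipe the whole partition
        for s in range(p.first, p.last + 1) if p else ():
            disk.pop(s, None)
        return "ok", None


def demo():
    # Constructed session: boot interception, denials, then password unlock.
    parts = [Partition("boot", "boot", 0, 99),
             Partition("C", "general", 100, 199, active=True),
             Partition("D", "general", 200, 299),          # dormant
             Partition("tools", "read-only", 300, 399)]
    sup = Supervisor(parts, boot_lba=0, rom_password=b"hunter2",
                     loader_sector=b"LOADER".ljust(SECTOR, b"\0"))
    disk = {0: b"MBR".ljust(SECTOR, b"\0"), 250: b"D".ljust(SECTOR, b"\0")}
    out = {"boot": sup.handle("read", 0, disk)[1][:6],
           "write_C": sup.handle("write", 150, disk, b"x" * SECTOR)[0],
           "read_D": sup.handle("read", 250, disk)[0],
           "write_tools": sup.handle("write", 350, disk, b"y" * SECTOR)[0],
           "format_boot": sup.handle("format", 5, disk)[0],
           "format_C": sup.handle("format", 100, disk)[0],
           "bad_pw": sup.unlock(b"guess")}
    out["good_pw"] = sup.unlock(b"hunter2")          # now pass-through mode
    out["unsup_read_D"] = sup.handle("read", 250, disk)[0]
    out["unsup_boot"] = sup.handle("read", 0, disk)[1][:3]   # real boot sector
    out["warnings"] = len(sup.warnings)
    return out
```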

In the preferred embodiment, at the stage of the process where the user selects one or more active partitions, the executed code segment will make available to the user one or more partitions designated as Write-Many-Recoverable (WMR) partitions. If a write command is issued by the host system (e.g. by a user program) to overwrite any resident information stored in that WMR partition, the updated information is stored elsewhere on the disk platter(s) in a dedicated area thereof, and a (virtual) pointer to the updated information is kept (in the RAM chip 5 of the drive) so the updated information can be accessed as required during the remainder of the session, and wherein a system reset causes the list of pointers to the updated information, and optionally also the updated information itself, to be cleared. Each WMR partition has a Sector Relocation Table (SRT) associated with it containing the (virtual) pointers which define the address of a range of sectors in the WMR partition which have been updated and an address where the updated information is located. This updated information is located in a dedicated area of the disk platter(s) which is accessible only to, and is protected by, the Supervisor. This may be achieved by the dedicated area being disposed in an area of the disk platter(s) to which any access by the host system is denied by the Supervisor, the dedicated area in this manner being effectively "hidden" from the host system. Alternatively, the dedicated area could be disposed outwith the physical area (namely tracks) of the disk platter(s) which is accessible to the host operating system, in an area which is accessible only to the Supervisor. The SRT table(s) are stored in the RAM chip 5 of the disk drive 1. The details and implementation of the WMR technique are disclosed and described in detail in EP 0 800 135 A1, previously referred to and incorporated herein by reference, and are therefore not described in any further detail herein. It will be appreciated that the WMR facility enables a user to write to the designated WMR partition(s) during a session on the computer system, but each time the computer system is re-booted all changes are erased so as to leave each WMR partition in its original state. Typically, the boot partition will be chosen by the user to be designated a WMR partition.

In an alternative WMR technique, also described in EP 0 800 135 A1, if a partition is designated as WMR, in use, if a write command is issued to overwrite (i.e. update) any information stored in a/the WMR partition, prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required. This could be implemented, for example, by a system reset. For the avoidance of doubt, the use of this alternative WMR method is also intended to be within the scope of the present invention.
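The two WMR techniques described above and in the earlier statement of the invention, as an added model; this is not code from the patent or from Vircon, and the dedicated-area layout, sector size and sample data are constructed assumptions. The first class redirects updates through a Sector Relocation Table and refuses a write once the dedicated area is full; the second saves the resident sector before writing in place and copies it back on reset.

```python
"""Model of a Write Many Recoverable (WMR) partition: the redirecting
Sector Relocation Table (SRT) technique and the alternative copy-back
technique. Added example, not code from the patent or from Vircon; the
disk layout, sector size and sample data are constructed assumptions."""

SECTOR = 512
DEDICATED = range(1000, 1004)   # Supervisor-only area, kept tiny on purpose


class WmrBase:
    # `disk` is a dict LBA -> bytes standing in for the platter(s); a missing
    # key reads as zeros. The host can only address LBAs below DEDICATED.
    def __init__(self, disk, first, last):
        self.disk, self.first, self.last = disk, first, last
        self.free = iter(DEDICATED)        # fresh allocation cursor per session

    def _check(self, lba):
        if not self.first <= lba <= self.last:
            raise ValueError(f"LBA {lba} is outside the WMR partition")


class RelocatingWmr(WmrBase):
    # First technique: the update goes to the dedicated area and the SRT,
    # held in drive RAM, maps partition LBA -> relocated LBA.
    def __init__(self, disk, first, last):
        super().__init__(disk, first, last)
        self.srt = {}

    def host_write(self, lba, data):
        self._check(lba)
        dest = self.srt.get(lba)           # reuse the slot if already moved
        if dest is None:
            dest = next(self.free, None)   # None once the area is exhausted
            if dest is None:
                return False               # no room: write refused
            self.srt[lba] = dest
        self.disk[dest] = data
        return True

    def host_read(self, lba):
        self._check(lba)
        return self.disk.get(self.srt.get(lba, lba), bytes(SECTOR))

    def reset(self, wipe_updates=False):
        # System reset: SRT cleared, and optionally the relocated data too.
        if wipe_updates:
            for dest in self.srt.values():
                self.disk.pop(dest, None)
        self.srt.clear()
        self.free = iter(DEDICATED)


class CopyBackWmr(WmrBase):
    # Alternative technique: the resident sector is saved to the dedicated
    # area before the in-place write and copied back on reset.
    def __init__(self, disk, first, last):
        super().__init__(disk, first, last)
        self.saved = {}                    # partition LBA -> saved-copy LBA

    def host_write(self, lba, data):
        self._check(lba)
        if lba not in self.saved:          # save the original once per session
            dest = next(self.free, None)
            if dest is None:
                return False
            self.disk[dest] = self.disk.get(lba, bytes(SECTOR))
            self.saved[lba] = dest
        self.disk[lba] = data
        return True

    def reset(self):
        for lba, dest in self.saved.items():
            self.disk[lba] = self.disk[dest]
        self.saved.clear()
        self.free = iter(DEDICATED)


def pad(tag):
    return tag.ljust(SECTOR, b"\0")


def demo():
    # Constructed run over a WMR partition occupying LBAs 0-99.
    disk = {10: pad(b"ORIGINAL")}
    wmr = RelocatingWmr(disk, 0, 99)
    wmr.host_write(10, pad(b"CHANGED"))
    out = {"during": wmr.host_read(10)[:7],       # host sees the update
           "on_disk": disk[10][:8],               # resident sector untouched
           "srt": dict(wmr.srt)}                  # {10: 1000}
    wmr.host_write(10, pad(b"AGAIN"))              # same slot reused
    out["full"] = [wmr.host_write(i, pad(b"x")) for i in range(1, 5)]
    out["slots_used"] = len(wmr.srt)               # 4: the fifth was refused
    wmr.reset()
    out["after_reset"] = wmr.host_read(10)[:8]     # b"ORIGINAL"
    cb = CopyBackWmr(disk, 0, 99)
    cb.host_write(10, pad(b"CHANGED2"))
    out["cb_in_place"] = disk[10][:8]              # written in place
    cb.reset()
    out["cb_after_reset"] = disk[10][:8]           # b"ORIGINAL" again
    return out
```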
The RAM chip 5 is also used to store information regarding the protection state attributed to each partition in the drive at any given time, for example which partitions are active and which are inactive, which are WMR partitions, which are read/write accessible, which are read-only, etc. This information, which can be referred to as a Permission Table, is also stored in the RAM chip 5 of the disk drive 1.

Once the active partition(s) have been selected, and any WMR partitions, the code segment transfers the original disk boot sector stored in the disk drive to the host computer system RAM for execution thereby, the executed disk boot sector initiating operating system boot in the host system.


If, at the stage where the user is prompted to select "protected" or "unprotected" mode (i.e. "supervised" or "unsupervised"), the user selects "unprotected", the code segment prompts the user to enter a password. The password entered by the user is then transferred to the Supervisor firmware for validation thereby (by matching it against a correct password stored in the ROM chip 4 of the drive 1). A limited number of retries is permitted if the user enters an incorrect password. Once a correct password has been entered and validated, the code segment provides the user with the option of requesting to change the password. If such a request is made, the code segment prompts for a new password to be entered twice, the two entered passwords then being transferred to the Supervisor firmware for comparison and storage (in the ROM chip 4 of the drive). The Supervisor then enters the "unprotected" or "unsupervised" mode and the code segment proceeds to transfer the original disk boot sector to the host system RAM for execution thereby in order to initiate operating system boot in the host system.

A more detailed description of the above-described embodiment is not given herein, as this would be within the normal understanding of a person skilled in the art.


The embodiment of the present invention includes no physical electronic components that are not present in many commercially available hard disk drives. The invention requires only the following features in the disk drive in order to implement the invention thereon:

memory locations within the Read Only Memory (ROM) chip 4 to contain the firmware code to implement Supervisor functionality (the Supervisor firmware);

integration of the Supervisor firmware into the existing control firmware of the hard disk drive, ensuring that no interface request is serviced before the Supervisor firmware has checked and validated the request;

memory locations within the embedded Random Access Memory (RAM) 5 of the hard disk drive to store the SRT and Permission Table which are created and maintained during each session on the computer system;

memory locations within the ROM for the storage of the password for use in selecting supervised or unsupervised mode;

memory locations within the ROM 4 for the storage of the (virtual) loader sector;

sectors on the hard disk drive itself for storage of the code segment which is required to be passed to the computer system and executed during the initial power up and configuration process, said sectors being within one or more reserved tracks on the disk surface which are inaccessible to the host computer system (and any user programs running therein) and accessible only to the Supervisor.


It should be noted that the Supervisor firmware is configured 
to prohibit any access to itself, or alteration to itself, by 
user commands (issued by a user or user program) which attempt 
to read, corrupt or modify the Supervisor firmware. 
It will be appreciated that, as an alternative to providing the invention in the drive at manufacture thereof, where a hard drive having the necessary features outlined immediately above is provided, the invention could be implemented by loading the Supervisor firmware into the disk drive by means of a software utility program in order to obtain a disk drive which operates in accordance with the present invention. Although the Supervisor firmware will preferably be loaded into the ROM of the drive, it is envisaged that some or all of the Supervisor firmware could be written onto the disk platter(s). In this latter case, any of the Supervisor firmware which is stored on the disk platter(s) will be protected by the Supervisor itself so that a user or user program cannot gain read or write access thereto.

The embodiments of the present invention hereinbefore described are given by way of example only, and it will be appreciated that various modifications thereto will be possible without departing from the scope of the invention.